[Bro-Dev] [JIRA] (BIT-1195) SSL: subject overflow in issuer_subject

2014-05-23 Thread Anthony Verez (JIRA)
Anthony Verez created BIT-1195:
--

         Summary: SSL: subject overflow in issuer_subject
             Key: BIT-1195
             URL: https://bro-tracker.atlassian.net/browse/BIT-1195
         Project: Bro Issue Tracker
      Issue Type: Problem
      Components: Bro
Affects Versions: 2.2, git/master
     Environment: Tested on Debian and Security Onion
        Reporter: Anthony Verez
     Attachments: 2.2_logs.tar.gz, capture.pcap, master_logs.tar.gz

Hi,

I found a string overflow of subject into issuer_subject that can be seen in 
both ssl.log (2.2 and master) and x509.log (master)

Steps to reproduce:
1. Start capturing
2. openssl s_client -connect 63.245.215.80:443
3. Stop capturing
4. Load the pcap in Bro

Problem:
* cat -t master_logs/ssl.log -> "Orga^Inization"
* cat -t master_logs/x509.log -> "Orga^Inization"
* cat -t 2.2_logs/x509.log -> "Orga^Inization"

Whereas the openssl command above gives
subject=/businessCategory=Private Organization/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=California/serialNumber=C2543436/street=650 Castro St Ste 300/postalCode=94041/C=US/ST=CA/L=Mountain View/O=Mozilla Foundation/CN=bugzilla.mozilla.org
issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV CA-1

I have attached:
* the pcap
* logs in both 2.2 and master (bro -r capture.pcap)

Great job on beta 2.3 :-)




--
This message was sent by Atlassian JIRA
(v6.3-OD-04-019#6322)
___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
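
Added example, not part of the original report or of Bro's own code: one way to find rows like the one reported above, by comparing each row's column count with the log's `#fields` header and showing what a by-position reader would take as `issuer_subject`. It assumes Bro's tab-separated ASCII log format with `#separator` and `#fields` header lines; `find_shifted_rows` and the four-column sample log are constructed for illustration.

```python
import codecs

# Constructed sample, reduced to four columns; not taken from the attached logs.
# The second data row carries a stray tab inside the subject value.
SAMPLE_LOG = "\n".join([
    "#separator \\x09",
    "#fields\tts\tuid\tsubject\tissuer_subject",
    "1400860000.000000\tCexample1\tCN=ok.example,O=Example Org\tCN=Example CA",
    "1400860001.000000\tCexample2\tbusinessCategory=Private Orga\t"
    "nization,CN=bad.example\tCN=Example CA",
    "#close\t2014-05-23-00-00-00",
])


def find_shifted_rows(log_text, column="issuer_subject"):
    """Return (line_no, expected_cols, actual_cols, value_read_as_column)
    for every data row whose column count disagrees with #fields."""
    sep, fields, findings = "\t", [], []
    for line_no, line in enumerate(log_text.split("\n"), 1):
        if line.startswith("#separator "):
            # The header stores the separator escaped, e.g. the text \x09.
            sep = codecs.decode(line.split(" ", 1)[1], "unicode_escape")
        elif line.startswith("#fields"):
            fields = line.split(sep)[1:]
        elif not line or line.startswith("#") or not fields:
            continue  # other header/footer lines, or data before #fields
        else:
            values = line.split(sep)
            if len(values) != len(fields):
                # What a reader indexing by position would see in `column`.
                idx = fields.index(column) if column in fields else None
                landed = values[idx] if idx is not None and idx < len(values) else None
                findings.append((line_no, len(fields), len(values), landed))
    return findings


if __name__ == "__main__":
    for finding in find_shifted_rows(SAMPLE_LOG):
        print("line %d: expected %d columns, got %d; issuer_subject reads as %r"
              % finding)
```
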


[Bro-Dev] [JIRA] (BIT-1195) SSL: subject overflow in issuer_subject

2014-05-23 Thread Bernhard Amann (JIRA)

 [ https://bro-tracker.atlassian.net/browse/BIT-1195?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bernhard Amann updated BIT-1195:


Fix Version/s: 2.3



[Bro-Dev] [JIRA] (BIT-1195) SSL: subject overflow in issuer_subject

2014-05-23 Thread Bernhard Amann (JIRA)

 [ https://bro-tracker.atlassian.net/browse/BIT-1195?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bernhard Amann reassigned BIT-1195:
---

Assignee: Bernhard Amann



[Bro-Dev] [Auto] Merge Status

2014-05-23 Thread Merge Tracker

Open GitHub Pull Requests
=========================

Issue    Component     User         Updated     Title
-------  ------------  -----------  ----------  -----
#9 [1]   bro           Mraoul [2]   2014-05-19  New Logging Writers based on librabbitmq [3]
#4 [4]   time-machine  mareq [5]    2014-04-10  When deleting connections hashtable, delete stored connections as well. [6]
#3 [7]   time-machine  mareq [8]    2014-04-10  Correct handling of Linux SLL header and VLAN headers. [9]
#2 [10]  time-machine  mareq [11]   2014-04-09  Query interval start/end is now taken into account. [12]
#1 [13]  time-machine  mareq [14]   2014-03-19  TM-16: Really skip VLAN header for indexing. [15]


[1]   Pull Request #9 https://github.com/bro/bro/pull/9
[2]   Mraoul  https://github.com/Mraoul
[3]   Merge Pull Request #9 with  git pull https://github.com/MITRECND/bro.git topic/rabbit_writers
[4]   Pull Request #4 https://github.com/bro/time-machine/pull/4
[5]   mareq   https://github.com/mareq
[6]   Merge Pull Request #4 with  git pull https://github.com/mareq/time-machine.git topic/mareq/memory-leaks
[7]   Pull Request #3 https://github.com/bro/time-machine/pull/3
[8]   mareq   https://github.com/mareq
[9]   Merge Pull Request #3 with  git pull https://github.com/mareq/time-machine.git topic/mareq/linktype-linux-sll
[10]  Pull Request #2 https://github.com/bro/time-machine/pull/2
[11]  mareq   https://github.com/mareq
[12]  Merge Pull Request #2 with  git pull https://github.com/mareq/time-machine.git topic/mareq/in-memory-query-interval
[13]  Pull Request #1 https://github.com/bro/time-machine/pull/1
[14]  mareq   https://github.com/mareq
[15]  Merge Pull Request #1 with  git pull https://github.com/mareq/time-machine.git topic/mareq/tm-16
